Privacy & Ex Libris
Ex Libris understands how important privacy is to you. The personal data you entrust to us belongs to you; we process it according to our Privacy Policy. If your personal information is provided by our customers for using our products, we process it only according to our agreements we have with those customers. As part of our continuous efforts to protect your personal data, we have adopted privacy by design precepts throughout our organization, from development through operations.
Should you have questions about how we safeguard your privacy, contact our Privacy Office at privacy@exlibrisgroup.com
Session & User Input Cookies
When you register with an Ex Libris site, we generate cookies that signal whether you are signed in. Our servers use these cookies to know which account you are signed in with, and if you are allowed access to a particular service. They also allow us to associate any comments you post with your username. If you have not selected “keep me signed in,” your cookies are deleted when you either close your browser or shut down your computer.
For more information regarding session cookies and cookies on our corporate sites, please see our cookie policy.
The General Data Protection Regulation (GDPR)
On May 25, 2018, a new privacy law called the General Data Protection Regulation (GDPR) began to apply in the European Union (EU). The GDPR replaces the Data Protection Directive (the Directive) which has been in effect since 1995. While the GDPR preserves many of the principles established in the Directive, the GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle, or process personal data.
Ex Libris is committed to GDPR compliance. We have closely analyzed the requirements of the GDPR, and our engineering, product, security and legal teams have been working to align our procedures, documentation, contracts, and services to support compliance with the GDPR. We also support our customers during their GDPR compliance journey with our strong foundation of implemented security and privacy frameworks and certified security and privacy controls.
Data Processing Addendum
Ex Libris has published a Data Processing Addendum (DPA) for each of our product groups to incorporate the appropriate terms required by the GDPR into the relevant customer agreements. The DPAs have been created under the supervision of EU privacy experts and are designed to comply with the GDPR and to reflect the specific details of the data processing activities within Ex Libris’ services. All customers that are processing personal data that is subject to the GDPR through Ex Libris services should download, sign, and return the appropriate product DPA to allow both the customer and Ex Libris to comply with the DPA requirements of the GDPR.
ISO 27018:2014 Certified – Protection of Personally Identifiable Information
This ISO standard establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
Ex Libris complies with this standard and is ISO 27018 certified. This standard was originally published in 2014, and Ex Libris has been certified since 2016.
ISO 27701:2019 Certified – Privacy Information Management System (PIMS)
The ISO/IEC 27701:2019 is a data privacy extension to ISO 27001. ISO/IEC 27701 Privacy Information Management System (PIMS) is a standard that provides guidance for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).
Ex Libris complies with this standard and is ISO 27701 certified. This standard establishes privacy requirements and helps manage privacy risks related to personally identifiable information (PII), outlines a comprehensive set of operational controls that can be mapped to various regulations, and helps Ex Libris comply with GDPR as well as other data protection regulations.
The ISO 27701 was originally published in 2019, and Ex Libris has been certified since 2020.
Data Protection Officer (DPO)
Ex Libris has appointed a Data Protection Officer who is responsible for, among other duties, ensuring that:
- Ex Libris complies with all relevant privacy-related legislation
- Employees are fully informed of their own responsibilities for acting within the law
- Ex Libris has proper risk-based systems of control over the personal data that it processes
- Ex Libris deals promptly and professionally with requests for information
- When acting as a data controller, Ex Libris will provide data subjects with a reasonable access mechanism that enables them to access their personal data and will allow them to update, rectify, erase, or transmit their personal data
Please contact our DPO at dpo@exlibrisgroup.com